SMTP Virtual Server Current Sessions showing some strange domain connections

I am seeing lots of sessions in our SMTP virtual server that I dont think should be there.  They are from some very odd domains including .hu, .it, .lb, etc.   Does this mean I have been comprimised?  I will make sure open-relay is not on, is there anything else I need to do?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Greg JacknowCommented:
If you haev an internet facing server you are going to see a lot of mail in your outgoing queue that are bounces from all sorts of span and other stuff setn to old/bad addresses.  Obviously the spam return addresses are mostly junk so they sit there in your outgoing queue and are retried.  This could be what you are seeing.

Greg J
globalwmAuthor Commented:
I am specifically talking about the Current Sessions on the smtp virtual server.
So long as your server is not set to open relay you should not have anything to worry about.

spammers may be trying to connect to your server, but if your not relaying it should all be ok.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I am also having the same problem. Under the virtual servers/sesions I have two users one named Hp2345345491 with an ip located in italy and the other authenticated user name localhost with ip in turkey.
Relay is off, if I disable these accounts in the virtual server all smtp mail fails, if I delete the internal address of the mail server things stop working I am in need of any help to resolve.
I am having a similar problem, lots and lots of spam and current sessions open from all over the world. I had a guy call me from states away to say that exchange was sending spam. I terminate the sessions but I just logged in to my server and have 4 more current session from two different places. I have had it checked for open relay but was told there was no open relays. We have also been getting some mail returned undeliverable and I am thinking we may be getting blacklisted. also if I am being blacklisted how can I find out an fix it.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.